Question

Aptilo AC/SPA/MAS - Logging syslog Messages to SIEM


Hi,
We have implemented the Aptilo platform and would like help with the settings for sending syslog to our SIEM:

Aptilo AC

Aptilo CORE 5 - Linux ac1.wificiutada.intra 2.6.18-274.12.1.el5 #1 SMP Tue Nov 29 13:37:35 EST 2011 i686 i686 i386 GNU/Linux

Aptilo Access Controller Version 9.1 Build 2286



We want to send syslog from Aptilo to a remote SIEM server. How do we do it? The /etc/syslog.conf file:

    #kern.* /dev/console
    *.info;mail.none;authpriv.none;cron.none -/var/log/messages
    local0.=debug -/var/log/apc_debug
    local0.=notice -/var/log/apc_notice
    local0.=info /var/log/apc_info
    local0.=warning /var/log/apc_warning
    local0.=err /var/log/apc_error
    local0.=crit /var/log/apc_critical
    authpriv.* /var/log/secure
    mail.* /var/log/maillog
    cron.* /var/log/cron
    *.emerg *
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log



Security events: which ones?

Based on your experience, and taking security into account, which events are useful to us and should be viewed or monitored on the Aptilo platform?

Is there a protocol for this type of device, or a Log Source Type we should use for the correct settings?




Regards and thanks,





Diego C
